Moving to cloud-based SIEM: the cost advantage

Companies weigh multiple factors in any technology implementation, balancing risks with business needs and IT capabilities. The same is true of cloud-based security information and event management (SIEM) solutions, but there cost overwhelmingly shapes the discussion.

For example, according to new IDG research among 300 IT and security leaders, the top outcomes respondents expect by switching to cloud-based SIEM include:

  • Forty percent—lower staffing costs.
  • Forty percent—lower operational expenses (OpEx).
  • Thirty-four percent—lower capital expenses (CapEx).

“If you look at it on the surface, the cloud is more expensive than on-premises. But you have to factor in the soft costs…” said one technology services CIO. In fact, for this CIO and his company, it no longer made sense to continue running traditional on-premises SIEM in his datacenter.

“It was very hard to continue to expand,” he explained. “It wasn’t super cost effective. It was pushing our bandwidth. Managing it internally required skillsets that I wouldn’t need with a cloud-based implementation.”

This blog will summarize some of the key findings in a new IDG report published by Microsoft Azure. You can learn about additional challenges to security operations teams by reading the IDG report: SIEM Shift: How the Cloud is Transforming Security Operations.

Unmasking cost factors

All those soft costs add up. IDG found that cloud-based SIEM users spend, on average, $541,000 per year to support their solution, while companies running on-premises SIEM average $607,000.

Traditional on-premises SIEM users reported higher costs across the board—including for licensing, maintenance, software, and staffing expenditures. They were also more likely to cite hidden costs associated with supporting their on-premises solutions, including:

  • Staffing/training SIEM analysts.
  • Initial purchase/licensing costs.
  • Integration of data sources.

On the other hand, respondents using cloud-based SIEM solutions are focused on finding further efficiencies. For example, they’re automating operations at nearly double the rate of on-premises users. They’ve discovered that by shifting these tasks to an automated cloud solution, personnel can focus on more strategic initiatives.

Following a transition to cloud-based SIEM, “Nobody lost their job,” said one senior solutions architect for a telecom company. In fact, those workers who originally supported the on-premises solution were retrained and moved into DevOps, he said.

The bottom line

On-premises SIEM users are 11 percent more likely than cloud-based implementers to cite total cost of ownership as an existing challenge, according to IDG. As data volumes continue to grow, managing total cost of ownership (TCO) for traditional SIEM can become unwieldy. Infrastructure expenses will increase, right along with the staffing needs to support the solution.

“When you look at total cost of ownership, the cloud SIEM model becomes very attractive,” said Bob Bragdon, Senior Vice President and Publisher, CSO. “Particularly in terms of not having to build out and maintain a supporting infrastructure. When you can push that to the cloud and move from a CapEx model to an OpEx model, the financial dynamics shift considerably.”

Learn how on-premises SIEM and cloud-based SIEM such as Azure Sentinel compare in other areas by reading the IDG report: SIEM Shift: How the Cloud is Transforming Security Operations.
